CVE-2022-38660 HIGH

CVE-2022-38660: HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability

Vendor Hcl Software

Product HCL Domino

Weakness CWE-352 · CSRF

Published November 4, 2022

Last update May 2, 2025

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.

Key dates

02Disclosure timeline

November 4, 2022 CVE published

May 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-38660 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-7688 Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2025-32673 WordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution CVE-2023-6766 PHPGurukul Teacher Subject Allocation Management System Delete Course course.php cross-site request forgery CVE-2022-36345 WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)